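def edit(request, message_id=None):
    """Let the sender of a message edit it.

    Responds 403 when no ``message_id`` is given or when the message's
    ``expediteur`` is not the profile of the requesting user. On a valid
    POST the sanitized message is saved and the client is redirected to
    ``message.get_absolute_url()``. In every other case the form is rendered
    with ``messages/nouveau.html``.
    """
    # NOTE(review): no login check is visible in this view, and get_profile()
    # is called on request.user as-is -- confirm a login_required wrapper
    # exists where the view is registered.
    if not message_id:
        return HttpResponseForbidden()

    message = get_object_or_404(Message, pk=message_id)
    # Ownership check: only the original sender may edit the message.
    if message.expediteur != request.user.get_profile():
        return HttpResponseForbidden()

    # Test the HTTP method rather than the truthiness of request.POST, so a
    # POST with an empty body is validated instead of being treated as a GET.
    if request.method == 'POST':
        form = MessageForm(request.POST, instance=message)
        if form.is_valid():
            # commit=False keeps the raw submitted HTML out of the database:
            # the row is written once, after both fields are sanitized.
            message = form.save(commit=False)
            message.objet = sanitizeHtml(message.objet)
            # contenu is taken from the raw POST data, as before; presumably
            # it is not exposed as a form field -- TODO confirm.
            message.contenu = sanitizeHtml(request.POST['contenu'])
            message.save()
            # Required after save(commit=False) so that any many-to-many
            # form data is still persisted.
            form.save_m2m()
            # If the save was successful, redirect to another page
            return HttpResponseRedirect(message.get_absolute_url())
    else:
        form = MessageForm(instance=message)

    return render_to_response(
        "messages/nouveau.html",
        {'form': form},
        context_instance=RequestContext(request),
    )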
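def nouveau(request, association_pseudo):
    """Create a message for the association named by ``association_pseudo``.

    For non-POST requests, renders ``messages/nouveau.html`` with an empty
    form and the list of all associations. On POST, the message is created
    only when ``Adhesion.existe(eleve, association)`` is true (presumably a
    membership check -- confirm against Adhesion); otherwise the view answers
    403 instead of falling through without a proper response.
    """
    # Local import so this view does not depend on the module's import block.
    from django.http import HttpResponseForbidden

    if request.method != 'POST':
        liste_assoces = Association.objects.all()
        form = MessageForm()
        return render_to_response(
            'messages/nouveau.html',
            {'liste_assoces': liste_assoces, 'form': form},
            context_instance=RequestContext(request),
        )

    # NOTE(review): no login check is visible here; get_profile() is called on
    # request.user as-is -- confirm the view is wrapped with login_required.
    eleve = request.user.get_profile()
    association = get_object_or_404(Association, pseudo=association_pseudo)

    # Authorization failure is an explicit 403, not an implicit server error.
    if not Adhesion.existe(eleve, association):
        return HttpResponseForbidden()

    # Create the message, making sure both user-supplied fields go through
    # the sanitizer so that JS and disallowed HTML tags are escaped.
    message = Message.objects.create(
        expediteur=eleve,
        association=association,
        objet=sanitizeHtml(request.POST['objet']),
        contenu=sanitizeHtml(request.POST['contenu']),
        date=datetime.now(),
    )
    return redirect(message)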
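def nouveau(request, association_pseudo):
    """Create a message from an association, optionally addressed to another.

    For non-POST requests, renders ``messages/nouveau.html`` with an empty
    form and the list of all associations. On POST, the requester must have
    an ``Adhesion`` row for the association named by ``association_pseudo``;
    otherwise the view answers 403. The optional ``destinataire`` POST field
    is the id of the receiving association; empty or absent means no receiver.
    On success the client is redirected to ``/associations/<pseudo>``.
    """
    # Local import so this view does not depend on the module's import block.
    from django.http import HttpResponseForbidden

    if request.method != 'POST':
        liste_assoces = Association.objects.all()
        form = MessageForm()
        return render_to_response(
            'messages/nouveau.html',
            {'liste_assoces': liste_assoces, 'form': form},
            context_instance=RequestContext(request),
        )

    # Resolve the sending association once; an unknown pseudo yields a 404.
    association = get_object_or_404(Association, pseudo=association_pseudo)

    # Check authorization before touching any other request data.
    # NOTE(review): membership is looked up with request.user, while the
    # sender below is request.user.get_profile() -- confirm which of the two
    # Adhesion.eleve actually references.
    is_member = Adhesion.objects.filter(
        association=association, eleve=request.user
    ).exists()
    if not is_member:
        return HttpResponseForbidden()

    # The receiver id comes from the client: a missing field is treated like
    # an empty one, and an id that matches no association gives a 404 rather
    # than an unhandled DoesNotExist.
    # NOTE(review): a malformed id may still raise inside the lookup,
    # depending on the primary-key type -- TODO confirm and validate here.
    destinataire_id = request.POST.get('destinataire', '')
    if destinataire_id == '':
        receiver = None
    else:
        receiver = get_object_or_404(Association, id=destinataire_id)

    # Create the message, making sure both user-supplied fields go through
    # the sanitizer so that JS and disallowed HTML tags are escaped.
    Message.objects.create(
        association=association,
        objet=sanitizeHtml(request.POST['objet']),
        contenu=sanitizeHtml(request.POST['contenu']),
        date=datetime.now(),
        expediteur=request.user.get_profile(),
        destinataire=receiver,
    )
    return redirect('/associations/' + association_pseudo)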